6 matches found
CVE-2025-52344
The CVE-2025-52344 entry concerns Explorance Blue 8.1.2, where multiple XSS vulnerabilities exist in input fields (Group name and Project Description). The root cause is insufficient input filtering in these fields, allowing arbitrary JavaScript to execute in a user’s browser. Impact is described...
CVE-2025-57795
CVE-2025-57795 affects Explorance Blue, versions prior to 8.14.13. The vulnerability exists in a web service component and allows an authenticated remote file download, which in default configurations can lead to remote code execution. Affected software is Explorance Blue up to 8.14.12 inclusive;...
CVE-2025-57792
CVE-2025-57792 affects Explorance Blue prior to version 8.14.9 with a SQL injection vulnerability caused by insufficient input validation in a web endpoint. The flaw allows crafted input to be executed as part of backend queries and is exploitable without authentication. Affected product/version ...
CVE-2025-57796
CVE-2025-57796 concerns Explorance Blue versions prior to 8.14.12 that use reversible symmetric encryption with a hardcoded static key to protect sensitive data (including user passwords and system configurations). The design allows offline decryption if encrypted data are obtained, representing ...
CVE-2025-57794
CVE-2025-57794 relates to Explorance Blue prior to 8.14.9, which contains an authenticated unrestricted file upload vulnerability in the administrative interface. The issue arises because uploaded file types are not adequately restricted, allowing malicious files to be uploaded and executed by th...
CVE-2025-57793
CVE-2025-57793 affects Explorance Blue before 8.14.9. The vulnerability is a SQL injection caused by insufficient validation of user-supplied input in a web application component, allowing crafted input to be executed in backend queries. The issue is exploitable without authentication, heightenin...